CVE Daily
← All tags

Tag: Microsoft Office

All CVEs associated with "Microsoft Office". Page 3/16 • 1815 CVEs.

Subscribe CVEs: RSS for “Microsoft Office”  ·  RSS (High+Critical only)

About “Microsoft Office”

A curated feed of “Microsoft Office”-related CVEs appears below. We currently track 1815 CVEs for this tag (all time). In the last 365 days, 254 were published. Average CVSS is 7.5 (all time; 7.5 over 365d), and 68% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-06-10
High

CVE-2025-47174

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-47173

Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-641 - Improper Restriction of Names for Files and Other Resources View on NVD
High

CVE-2025-47172

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2025-47171

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

CVSS: 6.7 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-47170

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-47169

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-47168

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-47167

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 8.4 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2025-47166

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-47165

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-47164

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 8.4 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-47163

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-47162

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 8.4 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2025-06-09
Medium

CVE-2025-5877

A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/Applicatio…

CVSS: 6.3 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
2025-06-02
Medium

CVE-2025-5433

A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manip…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-05-26
Critical

CVE-2025-2146

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2025-05-25
Medium

CVE-2025-5139

A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice…

CVSS: 5.6 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-05-22
Medium

CVE-2025-48369

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-48368

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffic…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-48366

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-05-20
High

CVE-2025-3079

A passback vulnerability which relates to office/small office multifunction printers and laser printers.

CVSS: 8.7 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2025-3078

A passback vulnerability which relates to production printers and office multifunction printers.

CVSS: 8.7 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2025-05-14
Medium

CVE-2024-57096

An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-05-13
High

CVE-2025-32705

Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-32704

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 8.4 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2025-30393

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-30386

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 8.4 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-30384

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.4 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-30383

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2025-30382

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-30381

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-30379

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-763 - Release of Invalid Pointer or Reference View on NVD
High

CVE-2025-30378

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-30377

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 8.4 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-30376

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-30375

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2025-29979

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-29978

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-29977

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-29976

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2025-04-27
Low

CVE-2025-3970

A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is an unknown function of the file /sys/office/save. The manipulation of the argument Remarks leads to cr…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-04-23
High

CVE-2025-32818

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (Do…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-04-17
Critical

CVE-2025-32665

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator office-locator allows SQL Injection.This issue affects Office Locato…

CVSS: 9.3 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2025-04-15
Medium

CVE-2025-30737

Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). The supported version that is affected is 24.200. Difficult to exploit vulnerability allow…

CVSS: 5.7 CWE: N/A View on NVD
High

CVE-2025-27791

Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckF…

CVSS: 8.3 CWE: CWE-23 - Relative Path Traversal View on NVD
2025-04-08
High

CVE-2025-29823

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-29822

Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.

CVSS: 7.8 CWE: CWE-184 - Incomplete List of Disallowed Inputs View on NVD
High

CVE-2025-29820

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-29816

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

CVSS: 7.5 CWE: CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data View on NVD
High

CVE-2025-29794

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2025-29793

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 7.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-29792

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-29791

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2025-27752

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-27751

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-27750

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-27749

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-27748

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-27747

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2025-27746

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-27745

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-27744

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-26642

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-3402

A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.j…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-03-27
Critical

CVE-2025-2516

The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. A…

CVSS: 9.5 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
2025-03-22
Medium

CVE-2025-2626

A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This vulnerability affects unknown code of the file edit_case.php. The manipulati…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-03-21
Medium

CVE-2025-2604

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_act.php. The manipu…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2025-2603

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file deactivate.php. The ma…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2025-2602

A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file deactivate_reg.php.…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2025-2601

A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file activate_reg.php. The manipu…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-03-17
High

CVE-2025-2396

The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrar…

CVSS: 8.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Critical

CVE-2025-2395

The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.

CVSS: 9.8 CWE: CWE-565 - Reliance on Cookies without Validation and Integrity Checking View on NVD
2025-03-13
High

CVE-2025-29998

This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by send…

CVSS: 8.2 CWE: CWE-799 - Improper Control of Interaction Frequency View on NVD
High

CVE-2025-29997

This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipu…

CVSS: 8.2 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2025-29996

This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploi…

CVSS: 8.2 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
High

CVE-2025-29995

This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit…

CVSS: 8.3 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD
High

CVE-2025-29994

This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vuln…

CVSS: 8.2 CWE: CWE-1390 - Weak Authentication View on NVD
2025-03-11
High

CVE-2025-26630

Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-26629

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-24083

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2025-24082

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-24081

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-24080

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-24079

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-24078

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-24077

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-24075

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-24057

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2025-03-06
Medium

CVE-2025-25191

Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixe…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-24796

Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typica…

CVSS: 6.3 CWE: CWE-829 - Inclusion of Functionality from Untrusted Control Sphere View on NVD
High

CVE-2025-2030

A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform up to 20250224. It has been rated as critical. Affected by this issue is some unknown functionality of the fi…

CVSS: 7.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-03-04
High

CVE-2025-1080

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In th…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2024-11957

Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library…

CVSS: 9.3 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
2025-02-11
High

CVE-2025-21397

Microsoft Office Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-21392

Microsoft Office Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2025-02-06
Medium

CVE-2024-13614

Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Securi…

CVSS: 5.3 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to per…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2025-01-28
Critical

CVE-2024-12649

Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unres…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2024-12648

Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2024-12647

Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2025-01-27
Medium

CVE-2024-56957

An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link.

CVSS: 6.5 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2025-01-14
High

CVE-2025-21402

Microsoft Office OneNote Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-641 - Improper Restriction of Names for Files and Other Resources View on NVD
High

CVE-2025-21365

Microsoft Office Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2025-21356

Microsoft Office Visio Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-21346

Microsoft Office Security Feature Bypass Vulnerability

CVSS: 7.1 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2025-21345

Microsoft Office Visio Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2025-01-09
Medium

CVE-2024-54761

BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.

CVSS: 6.3 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2025-01-08
Medium

CVE-2024-13187

A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipu…

CVSS: 5.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2024-12-12
Low

CVE-2024-12536

A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the f…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-49065

Microsoft Office Remote Code Execution Vulnerability

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-49059

Microsoft Office Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-43600

Microsoft Office Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
2024-11-29
Medium

CVE-2024-53864

Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has…

CVSS: 5.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-11-28
High

CVE-2024-52501

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebbyTemplate Office Locator office-locator.This issue affects Office Locator:…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD
2024-11-12
High

CVE-2024-49032

Microsoft Office Graphics Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-49031

Microsoft Office Graphics Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-126 - Buffer Over-read View on NVD
2024-11-11
Medium

CVE-2024-51992

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Expo…

CVSS: 4.1 CWE: CWE-749 - Exposed Dangerous Method or Function View on NVD
2024-11-08
High

CVE-2024-50592

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during th…

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2024-50593

An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, whic…

CVSS: 7.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2024-50591

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update…

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD